Millions of Credit, Debit Cards May Have Been Stolen in Sonic Drive-In Data Breach

Sonic Drive-In has confirmed that there has been "unusual activity" with credit and debit cards used at an unknown number of their fast-food restaurants, leading to the theft of possibly millions of customers' financial information.

The security breach was first reported by the security website KrebsOnSecurity after they were notified by multiple financial institutions that there has been a recent pattern of fraudulent transactions on cards that had all been recently used at a Sonic.

Up to 5 million stolen credit cards are being "peddled in shadowy underground cybercrime stores," the security website reported on Tuesday.

“Our credit card processor informed us last week of unusual activity regarding credit cards used at SONIC,” Christi Woodworth, VP of public relations at Sonic, said in a statement. “The security of our guests’ information is very important to SONIC. We are working to understand the nature and scope of this issue, as we know how important this is to our guests. We immediately engaged third-party forensic experts and law enforcement when we heard from our processor. While law enforcement limits the information we can share, we will communicate additional information as we are able.”

According to Woodworth, the investigation is still in its early stages and they do not yet know how many of the 3,600 Sonic locations or which stores were affected by the hack.

Stolen credit card information is being sold for $25 to $50 on a card theft website. There are also unconfirmed reports that other restaurant brands may also be compromised by these same attackers.